Internet security: Shutting the doors to keep hackers off your network


A Paralogic Networks Guide
www.scholarisintl.com

Introduction

Like all revolutionary steps in technological development the Internet provides enormous benefits, but it is not without downside risk. In this respect we can draw a parallel with nuclear technology; access to enormous amounts of power without CO2 release sounds like it's too good to be true, and for many it is; the waste products from nuclear energy production and weapons of mass destruction are often seen as an unacceptable downside.

Although the Internet is not credited with the ability to destroy an entire city (yet!) it has been used to launch attacks capable of temporarily pulling down nation state-owned cyber assets such as government websites and military information systems. The United States has publicly accused China of such activities. The computer worm Stuxnet is strongly suspected of being a state-sponsored cyber weapon specifically designed to attack the nuclear programme of Iran. If such highly targeted activities continue to shape cyber warfare strategically throughout the 21st century, the chances are most of us won't be impacted by it. What we are far more likely to experience are attacks by hackers.

The motivation for misuse of the Internet by hackers varies. If pimply teenage nerds hacking away in their bedrooms for bragging rights amongst their peer group are the innocent end of the spectrum, then hacktivists seeking the oxygen of publicity for political purposes are somewhere in the middle. For most businesses neither of these represents a substantial threat. However, at the other end are organised cyber criminals seeking to steal identities and logins to accounts, commercially sensitive data or intellectual property (IP), or trying to manipulate financial systems.

In 2011, the first year that figures were published, a government report said cyber crime cost the UK economy £27bn. Of this, £21bn - almost three-quarters of the burden - fell on businesses. IP theft cost £9.2bn and industrial espionage £7.6bn. This was followed by extortion at £2.2bn and direct online theft at £1.3bn. Around £1bn was lost through theft of customer data. The Federation of Small Businesses put the number of unreported cyber crimes against smaller organisations at 40%.

If we couple such tangible losses to the disruption and reputational damage that may result from security breaches, then it is clear that all businesses need to ensure that adequate internet security measures are in place. In this guide we look at how businesses can beat the hackers by following some simple rules.

1. Don't connect your business computers to unsecured network infrastructure

If we equate a computer to the place where you live, connecting to unsecured infrastructure is the cyber equivalent of leaving the doors of your home open and putting up a sign saying "Come on in and help yourself". Hackers use freely-available software tools to port scan. Port scanning is a continual search for devices on the Internet such as servers and computers with vulnerabilities which hackers are able to exploit. When connected to the Internet via an unsecured connection your computer data is vulnerable to theft or infection with malicious computer software such as viruses, worms or spyware.

Make sure any infrastructure you connect to is secured by a firewall. By default, a firewall closes every door to your network from the internet. For correct operation different applications and computer services need to communicate with resources that reside on the Internet. The IP ports allow this traffic to pass through the firewall. Firewall doors or IP ports have specific numbers and need to be manually configured to remain open to allow specific information through the device. Port 25 for SMTP (email) and port 80 for HTTP (website traffic) are examples of IP ports that have to be opened to allow users to send and receive email or browse internet sites.

2. Do not assume an internet connection is secure

In locations where you are offered internet services, such as a public space where free Wi-Fi is provided or a serviced office, never make the mistake of assuming the connection is secure. In the case of public Wi-Fi, you have no idea of who may be connected to the service and what they may be doing. Hackers connected to the Wi-Fi service use hacking tools to steal login credentials to personal and business accounts. They may also be able to take over a session between your computer and a secure service, such as internet banking.

In the case of serviced offices always find out what security is provided before you plug into the web connection. As an example consider the phenomenon of cryptoviral extortion or "ransomware"; a business on an unsecured network in a serviced office was hacked and server data was encrypted by the hacker. The hacker offered to provide the key for decrypting the data in return for payment. To avoid having to pay, the only solution was to restore the data from the most recent back up. This resulted in the loss of one day's data as well as downtime while the data was restored.

3. Do not rely on a low cost router to act as a firewall

A router is a device that provides physical connection to the Internet. A firewall is a separate hardware device dedicated to safeguarding a network against threats from the Internet.
Routers are able to provide a certain amount of firewalling capability because they perform NAT (Network Address Translation). NAT is the process of directing Internet traffic coming into the router's external IP address to the IP addresses of the internal network computers.

We are all familiar with a low cost single device which combines routing and acts as a firewall - it's what we usually have at home for connecting to broadband services. These are fine for domestic or SOHO use but there are drawbacks when we up-scale to larger businesses. Smaller, expanding and mid-sized businesses have greater demands and more complex requirements which make low-cost routers which act as firewalls unsuitable.

Essentially a dedicated hardware firewall centralises network management, makes security more reliable and administration easier. Higher-end devices are available which combine routing with firewall services while successfully meeting the needs of business by providing industry-standard security and centralised network management.

Software firewalls - like those found on computers using Microsoft Windows operating systems - should not be taken to be a substitute for a hardware firewall within a business environment. These may be prevented from working if the computer becomes infected, do not offer the capabilities of a hardware firewall and cannot be centrally managed, meaning the software on each individual computer requires manual administration.
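
The "every door closed unless opened" behaviour described in rules 1 and 3, as an added example that is not part of the Paralogic guide: a small first-match rule table with default deny, plus an audit that flags rules opening more than intended. The rule format, addresses and function names are assumptions made for illustration; ports 25 and 80 are the ones the guide mentions.

```python
"""Toy inbound firewall policy: default deny, first matching rule wins.
Illustrative model only; rule format and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source network (CIDR)
    dst: str     # internal host or network the traffic is forwarded to
    port: int    # destination TCP port, 0 means any port

# Constructed policy: mail and web published, plus a forgotten broad rule.
RULES = [
    Rule("allow", ANY, "192.0.2.25/32", 25),   # SMTP to the mail server
    Rule("allow", ANY, "192.0.2.80/32", 80),   # HTTP to the web server
    Rule("allow", ANY, "192.0.2.0/24", 0),     # leftover "temporary" rule
    Rule("deny", ANY, "192.0.2.0/24", 3389),   # never reached: see audit()
]

def matches(rule, src, dst, port):
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.port in (0, port))

def decide(rules, src, dst, port):
    """Return the action of the first matching rule, else default deny."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action
    return "deny"

def covers(a, b):
    """True if rule a matches every connection that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.port in (0, b.port))

def audit(rules):
    """Flag allow-everything rules and rules that can never take effect."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == ANY and rule.port == 0:
            findings.append((i, "allows any source to every port"))
        if any(covers(earlier, rule) for earlier in rules[:i]):
            findings.append((i, "shadowed by an earlier rule"))
    return findings

if __name__ == "__main__":
    for index, problem in audit(RULES):
        print(f"rule {index}: {problem}")
```

With the leftover rule in place a connection from the internet to port 3389 on an internal host is allowed even though a later rule appears to deny it; with only the first two rules kept, the same connection falls through to the default deny.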

4. Adopt a layered approach to security

Just because you have a separate router and a firewall or a single higher-end device does not mean that IT security stops there. Although the Internet is the primary threat channel, viruses, worms and other malicious computer code could get onto your network through a USB stick or a portable hard drive, for example. Or a visitor could connect and infect your network. For this reason it is highly advisable to adopt a layered approach to network security.

At a minimum, anti-virus software should also be used to scan computers and servers and detect and eliminate malicious code. It is also worth considering an email scanning service. This is highly effective at preventing the spread and infection of viruses by email. For example, if a virus got onto your network through a USB stick you could spread it to your clients through email. An effective email scanning service would help to prevent this. Such services also offer higher-value benefits such as bottomless email archiving and attachment management.

5. Use the services of a reputable service provider to ensure your internet connection is secure

IT security is an area of significant complexity. If an organisation elects to undertake security as an internal activity, any lack of expertise or gaps in knowledge exposes the organisation to considerable risk. This is especially acute in smaller businesses of less than 25 people which may lack a dedicated IT support person or manager. If we scale up to expanding businesses of 25-100 or mid-sized businesses of 100+ people, where career IT professionals are on staff, the risk is reduced; however the complex nature of security and threat agility means IT security is an area that demands continual vigilance and regular refresh.

To ensure that the threat from the Internet is effectively controlled, businesses need to obtain the services of a trusted technology services partner with first class security credentials.
The best service providers tailor services to the needs of each client. For smaller businesses the technology services partner should offer a managed service which provides complete peace of mind on security matters. IT security should be set up and proactively managed on a day-to-day basis by the service provider. Expanding and mid-sized businesses, which have different needs according to the skills of in-house personnel, should be able to opt for a sliding scale of services. This should include anything from a managed service, if required, through to consultancy services provided by security-cleared network security experts.

Network security services from Paralogic

For more information on network security services please contact us for an initial discussion on 01844 293 330.

About Paralogic Network Solutions

Established in 2002, Paralogic Network Solutions is headquartered in Buckinghamshire. Our combination of cloud-based services, Help Desk Support and field-based people provide nationwide coverage, letting us make sure our clients stay up and running, no matter where they are located.

Over the last 30 years businesses have become increasingly dependent on technology, driving demand for service flexibility and excellence. This trend continues to shape our approach to service. We recognise the differing needs of smaller (less than 25 user), expanding (25-100 user) and midsized (100+ user) businesses. Our service-driven ethos enables us to provide services appropriate to each customer's need, enabling the full benefit of technology to be obtained.

You could describe us as an honest broker; on one side we partner with our clients because their IT is our business; on the other we maintain partnerships with leading technology vendors, keeping them in touch with the needs of our clients. We focus on delivering cost-effective, sustainable, innovative solutions and qualified, proven IT services. Clients across the UK value our professional services and benefit from implementing our solutions.

For more information on Paralogic Network Solutions get in touch:
T: 01844 293330
E: sales@paralogic.uk.net
W: